Linux Kernel ksmbd NULL Pointer Dereference Vulnerability in Compound Requests

Vulnerability

A vulnerability in the Linux kernel's ksmbd component can lead to a NULL pointer dereference. The issue arises when the first operation in a compound request is an SMB2 ECHO request, which causes ksmbd to skip session and tree ID validation. As a result, the session and tree connection pointers can be NULL. If a subsequent request in the compound accesses these pointers, it triggers a NULL pointer dereference.

Impact

Exploitation of this vulnerability causes a NULL pointer dereference, which can lead to a crash of the ksmbd service.

Reproduction

To reproduce this vulnerability, send a compound request to the ksmbd server with the first operation being an SMB2 ECHO request. This will bypass the necessary session and tree ID validations. Then, include a second request in the compound that accesses the session or tree connection, which will cause a NULL pointer dereference and crash the service.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched.
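For monitoring hosts that are not yet patched, the compound shape described above can be recognised in captured SMB2 payloads. The following is an added example, not code from the kernel or from this advisory: it walks the NextCommand chain and flags an ECHO-first compound that carries a later session-bound command. The function names, the set of commands treated as session-less, and the input format (SMB2 messages with the transport framing already stripped) are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SMB2_HDR_LEN 64u /* fixed SMB2 header size */
#define SMB2_NEGOTIATE 0x0000u
#define SMB2_SESSION_SETUP 0x0001u
#define SMB2_ECHO 0x000Du
static const uint8_t SMB2_MAGIC[4] = {0xFE, 'S', 'M', 'B'};
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) { return le16(p) | ((uint32_t)le16(p + 2) << 16); }

/* Assumption: only these commands are legitimately handled without a session. */
static int needs_session(uint16_t cmd) {
    return cmd != SMB2_NEGOTIATE && cmd != SMB2_SESSION_SETUP && cmd != SMB2_ECHO;
}

/* Walk the NextCommand chain. Returns 1 when the first command is ECHO and a
 * later one is session-bound, 0 for any other well-formed chain, -1 if malformed. */
int echo_led_compound(const uint8_t *buf, size_t len) {
    size_t off = 0;
    int first_is_echo = 0;
    for (int idx = 0;; idx++) {
        if (len - off < SMB2_HDR_LEN || memcmp(buf + off, SMB2_MAGIC, 4) != 0) return -1;
        uint16_t cmd = le16(buf + off + 12);  /* Command field */
        uint32_t next = le32(buf + off + 20); /* NextCommand field */
        if (idx == 0) first_is_echo = (cmd == SMB2_ECHO);
        else if (first_is_echo && needs_session(cmd)) return 1;
        if (next == 0) return 0; /* last message in the chain */
        if (next < SMB2_HDR_LEN || (next & 7) || next > len - off) return -1;
        off += next; /* next >= 64, so the walk always advances */
    }
}

/* Builder for constructed samples: header fields only, no command body. */
void put_hdr(uint8_t *buf, size_t off, uint16_t cmd, uint32_t next) {
    memset(buf + off, 0, SMB2_HDR_LEN);
    memcpy(buf + off, SMB2_MAGIC, 4);
    buf[off + 4] = 64; /* StructureSize */
    buf[off + 12] = (uint8_t)cmd; buf[off + 13] = (uint8_t)(cmd >> 8);
    for (int i = 0; i < 4; i++) buf[off + 20 + i] = (uint8_t)(next >> (8 * i));
}

int main(void) {
    uint8_t pkt[128]; /* constructed: ECHO header chained to a READ (0x0008) header */
    put_hdr(pkt, 0, SMB2_ECHO, 64); put_hdr(pkt, 64, 0x0008, 0);
    printf("flagged=%d\n", echo_led_compound(pkt, sizeof pkt));
    return 0;
}
```

A return value of 1 is a reason to inspect the client, not proof of an attack; the check only describes the request shape named in this advisory.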

Added: Aug 16, 2025, 2:23 PM
Updated: Aug 16, 2025, 2:23 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.